CCI-000200

The information system prohibits password reuse for the organization-defined number of generations.

19 rules found Severity: Medium

26 rules found Severity: Medium

11 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

2 rules found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

CCI-000200

Limit Password Reuse: password-auth

Limit Password Reuse: system-auth

Limit Password Reuse

Verify Permissions and Ownership of Old Passwords File

Compliance Guardian must provide automated mechanisms for supporting account management functions.

The Akamai Luna Portal must prohibit password reuse for a minimum of five generations.

The DBN-6300 must prohibit password reuse for a minimum of five generations.

CounterACT must prohibit password reuse for a minimum of five generations.

The HP FlexFabric Switch must prohibit password reuse for a minimum of five generations.

The DataPower Gateway must prohibit password reuse for a minimum of five generations.

IBM Aspera Console passwords must be prohibited from reuse for a minimum of five generations.

IBM Aspera Faspex passwords must be prohibited from reuse for a minimum of five generations.

The MQ Appliance network device must prohibit password reuse for a minimum of five generations.

CA VM:Secure product PASSWORD user exit must be coded with the PWLIST option properly set.

The Ivanti MobileIron Core server must prohibit password reuse for a minimum of four generations.

If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.

Nutanix AOS must prohibit password reuse for a minimum of five generations.

Riverbed Optimization System (RiOS) must prohibit password reuse for a minimum of five generations.

The Samsung SDS EMM local accounts must prohibit password reuse for a minimum of five generations.

The Tanium application must prohibit password reuse for a minimum of five generations.

The Tanium Operating System (TanOS) must prohibit password reuse for a minimum of five generations.

The Workspace ONE UEM local accounts must prohibit password reuse for a minimum of five generations.

The macOS system must prohibit password reuse for a minimum of five generations.

The Ubuntu operating system must prohibit password reuse for a minimum of five generations.

The Red Hat Enterprise Linux operating system must be configured so that passwords are prohibited from reuse for a minimum of five generations.

The BIG-IP appliance must be configured to prohibit password reuse for a minimum of five generations.

Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.

Windows Server 2016 password history must be configured to 24 passwords remembered.

SLEM 5 must not allow passwords to be reused for a minimum of five generations.

SLEM 5 must employ a password history file.

Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.

The ESXi host must prohibit the reuse of passwords within five iterations.

The ESXi host must prohibit password reuse for a minimum of five generations.

The Photon operating system must prohibit password reuse for a minimum of five generations.

The vCenter Server must prohibit password reuse for a minimum of five generations.

The Photon operating system must ensure the old passwords are being stored.

The Photon operating system must be configured to use the pam_pwhistory.so module.